One of the first macro malware attacks on Mac users was discovered this week, on Monday, by security researcher Snorre Fagerland. Mac users have been generally ignored by malware authors, similarly to Linux users. The first-stage payload was taken from EmPyre, a post-exploitation OS X/Linux agent written in Python 2.7.7. The server from where the Word macro script downloaded the second stage payload was located in Russia, on an IP address previously associated with other malware campaigns.
Source: https://www.bleepingcomputer.com/news/security/macro-malware-hits-mac-users/